From 21e6cbb2c4b9be026839c50d20a1a136b68211bf Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Mon, 17 Aug 2020 16:55:03 +0200 Subject: [PATCH] Documentation for #2281 --- doc/sources/admin/ssocookie.rst | 6 +++++- doc/sources/admin/upgrade_2_0_x.rst | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/doc/sources/admin/ssocookie.rst b/doc/sources/admin/ssocookie.rst index 796b7ec48..81cc4410b 100644 --- a/doc/sources/admin/ssocookie.rst +++ b/doc/sources/admin/ssocookie.rst @@ -29,13 +29,17 @@ To edit SSO cookie parameters, go in Manager, ``General Parameters`` > only one session is created in session database - **Javascript protection**: set httpOnly flag, to prevent cookie from - being caught by javascript code + being leaked by malicious javascript code - **Cookie expiration time**: by default, SSO cookie is a session cookie, which means it will be destroyed when browser is closed. You can change this behavior by setting a cookie expiration time. It must be an integer. **Cookie Expiration Time** value is a number of seconds until the cookie expires. Set a zero value to disable expiration time and use a session cookie. +- **Cookie SameSite value**: the value of the SameSite cookie attribute. By + default, LemonLDAP::NG will set it to "Lax" in most cases, and "None" if you + use SAML. Using "None" requres Secured Cookies, and accessing applications + over HTTPS on most web browsers. .. danger:: diff --git a/doc/sources/admin/upgrade_2_0_x.rst b/doc/sources/admin/upgrade_2_0_x.rst index 2437f9a53..255bd486f 100644 --- a/doc/sources/admin/upgrade_2_0_x.rst +++ b/doc/sources/admin/upgrade_2_0_x.rst 
@@ -33,6 +33,9 @@ backups and a rollback plan ready! need to manually change your existing ``localSessionStorageOptions/cache_root`` parameter from ``/tmp`` to ``/var/cache/lemonldap-ng``. +- This release fixes several issues when using ``SameSite=None``. The new + default value of the SameSite configuration parameter will set SameSite to + ``Lax`` unless you are using SAML, which requires ``None`` 2.0.8 -----
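Review bot: In the new "Cookie SameSite value" item of doc/sources/admin/ssocookie.rst, "requres" should be "requires". The item also never lists the values an administrator can pick. The last sentence reads ambiguously too: "on most web browsers" could attach to HTTPS or to the whole requirement. Suggest rewording along the lines of "Most web browsers only accept "None" when Secured Cookies is enabled and applications are accessed over HTTPS", and formatting "Secured Cookies" the same way as the option it refers to on this page so readers can find it.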
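Review bot: The new upgrade note in doc/sources/admin/upgrade_2_0_x.rst tells administrators that the default changes but not what they need to check. It omits the constraint stated in the ssocookie.rst part of this patch, that "None" needs Secured Cookies and HTTPS, which is the case most likely to bite a SAML deployment after upgrading. Suggest adding that sentence or a cross-reference to the SSO cookie page. It would also help to say whether an installation that already has an explicit SameSite setting is affected by the new default. Minor: the bullet ends without a full stop after "which requires ``None``".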